Lucene search
WpvulndbWPVDB-ID:538A02F8-1AAC-4F5E-AD22-7B98745BE27EHistoryFeb 12, 2024 - 12:00 a.m.
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting
2024-02-1200:00:00
wpscan.com
6
stored cross-site scripting
elementor
widgets
woocommerce builders
vulnerability
authentication
contributor access
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.9.9 |
Related
prion
prion
Cross site scripting
2024-02-29 01:43:00
cve
cve
CVE-2024-1276
2024-02-29 01:43:46
cvelist
cvelist
CVE-2024-1276
2024-02-20 18:56:40
nvd
nvd
CVE-2024-1276
2024-02-29 01:43:46
wordfence
wordfence
5.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for WPVDB-ID:538A02F8-1AAC-4F5E-AD22-7B98745BE27E